Hacking the CIA

Periodically we like to share a few of the stories and posts from across the web that caught our eye. There are no editorial threads implied connecting these items together, other than being interesting.

#1: The Fight Over Airwaves. Several facts of war are as old as battle itself. They are ugly, bloody affairs. Far too much that is precious is lost. And each new war creates its own new technology.

Military history through the centuries demonstrates the winning side doesn’t have to be the richest or biggest – but they do have to be the most adaptable to new innovations. In Iraq and Afghanistan, that innovation has been the IED.

A controlled IED explosion in Iraq (photo: U.S. Marine Corps)

Technically, the term IED – short for Improvised Explosive Device – is a catch-all, describing any explosive assembled from a wide range of materials and detonated by means from low to high-tech. In Iraq, old munitions rigged with mobile phones proved popular, allowing lethal weapons to be hidden under or near a road and set off from a safe distance. And they are lethal: in just the first two years of the Iraq War, over 7,700 U.S. military personnel had been killed or wounded by the hidden bombs.

If the IED is the weapon of choice in this war, stopping it would be a decisive blow.

Noah Shachtman, writing for Wired’s brilliant “Danger Room” blog, explores the long and often hidden work by U.S. firms to develop wireless jamming technologies that not only block the IED’s detonation, but may actually track down its builders. His feature “The Secret History of Iraq’s Invisible War” takes readers to the battlefields of Iraq and Afghanistan, into the offices of military brass, and inside the classified labs where all this technology is being developed:

“Tucked behind a Target and an Olive Garden knock-off, the flat, anonymous office building gives no hint of what’s inside. Nor do the blank, fluorescent-lit halls. But open a door off of one of those halls, and people start screaming.

“‘Screens off!’ barks a man with a fullback’s build. ‘Turn off the test equipment!’ On the ceiling, a yellow alarm light flashes and spins — the sign that someone without a security clearance is in a classified facility.”

Shachtman, also a fellow at the Brookings Institution, details the development of a variety of jamming technologies, with names like Shortstop, Prowler and Warlock Green. By and large they have proven very successful – notably in Iraq, but less-so in Afghanistan, as enemy combatants have tried to adapt to the U.S. military’s adaptations. Of one new system under development, dubbed the JCREW, Shachtman writes:

“The JCREW 3.3s are supposed to be fully networkable, and able to communicate over the military’s wireless battlefield networks. That should save them some power and interference– if you’ve got four jammers in a convoy, for instance, one can silence a receiver while the other three quiet down. Or maybe that jammer can spot the threat, record its signal and location, and transmit that information back to headquarters. In that way, the new machine becomes more than a single bomb-beater. The system might help track down the explosives, and the guys who planted them. It could be configured to listen in on communications — those cell phones are for more than triggering explosives, after all. Hell, if the machines are passing data back and forth, they could work as radios themselves, in theory.

“With proper power management and frequency coordination, the new JCREW could have a whole new range of “potential targets,” according to a company briefing. Those include ‘information systems and infrastructure,’ drones, communications grids, sensors, ‘position, navigation and timing capabilities’ (that’s shorthand for GPS signals), as well as ‘aircraft, vehicles, ships, troops.’ In other words: everything.”

#2: Hack Attack. It looks like the hacker group “Anonymous” – most commonly described as “shadowy” by writers – has new competition. It’s called “LulzSec”, and although they’re just as shadowy, they’re making a very public splash.

“LulzSec” appears to be a collective venture whose main goal is making trouble – or in their own words, “causing lulz.” In the lingo of the Twitter Age, ‘lulz’ is a variant of ‘lol’, which means “laugh(ing) out loud.” However, while a lol might be applied to a joke or funny picture in appreciation of something mildly amusing, a lulz has come to mean laughs at the expense of others. A cute kitten picture prompts a lol; someone who has their accounts hacked and private information exposed is a lulz.

Given the widely distributed structure and very illegal activities of hacker groups, it’s hard to speak with much certainty about them. However, in the past attacks from Anonymous have tended to spring from a political or ideological root – witness Anonymous’ attacks on VISA and MasterCard, when they stopped allowing donations to Wikileaks, or their efforts to pierce the government firewalls of the Egyptian and Syrian regimes.

Judging by their targets – and their boastful Twitter feed – LulzSec isn’t so discriminating. Their victims have included broadcasters Fox.com and the Public Broadcasting System, the U.S. Senate and the FBI, the Sony Corporation and users of the definitely Not-Safe-For-Work pron.com website. This week saw their most audacious attack yet: the Central Intelligence Agency, or CIA.

“The hyperactive hacker team took down CIA.gov Wednesday evening, seemingly with a denial of service attack. ‘Tango down – cia.gov – for the lulz,’ the group wrote matter-of-factly on its twitter feed. LulzSec hasn’t revealed much about exactly how it remains anonymous while pulling off such provocative hacks. Whatever proxy servers or VPNs it’s using to covering its tracks, hacking targets like the Senate and the CIA will certainly put those safeguards to the test.”

As a rule hackers shun identification but love attention. Their very actions are meant to provoke, or inflict damage, and their statements are a jargon-laden mix of taunts and Internet memes. Consider this, from their release of sensitive information from the Senate’s networks:

Greetings friends,
We don't like the US government very much. Their boats are
weak, their lulz are low, and their sites aren't very secure.
In an attempt to help them fix their issues, we've decided
to donate additional lulz in the form of owning them some more!
This is a small, just-for-kicks release of some internal data
from Senate.gov - is this an act of war, gentlemen? Problem?

Hackers are notoriously unreliable – often taking credit for hacks they didn’t cause, or threatening actions they don’t fulfill. But given the rapid growth and increasingly provocative hits by LulzSec, their threats are taken very seriously. Several of their most recent tweets are suggesting a new target – and one previously humiliated by Anonymous – the cyber-security firm HBGary.

#3: The Naked Truth. You can always count on Luke Allnutt of our sister broadcaster RFE/RL (Radio Free Europe/Radio Liberty) to give you something to think about. Or at least something.

His most recent post in the ‘Tangled Web’ blog introduces us to Kazakh journalist Gulzhan Ergalieva…and we do mean introduce. It seems that Ergalieva, who recently left (or was pushed from) her position as chief editor for the Kazhakh newspaper Svoboda Slova, was looking for a way to promote her new muck-racking blog venture, Guljan.org. She apparently found it with this video, which has set tongues wagging across the sprawling Asian republic.

Journalist Gulzhan Ergalieva engaging with readers on her YouTube video

In it, Ergalieva sits in front of a TV set, shaking her head disapprovingly of the tightly-controlled media. “Better the naked truth than a well-dressed lie,” she says in voiceover, as she begins removing her clothing piece by piece while walking just out of camera range. In some places the video would be considered relatively tame, but it’s provocative enough in this conservative nation to generate controversy…and attention.

The American ex-pat blogger of ‘KZBlog‘ says that so far Guljan is running stories covering “…problems with the oil industry in the west, high mortgages, questions about the Nurbank controversy and links to blogs by Zhovtis and Abilov, so she isn’t shying away from touchy issues.”

We wish Ms. Ergalieva luck with her new venture, and would only suggest that perhaps KZBlog find a different adjective to describe Guljan’s coverage…or lack thereof.

[…] Security” or LulzSec for short – suggesting more mischief than activism. As we discussed in an earlier post: “LulzSec” appears to be a collective venture whose main goal is making trouble – or in […]

What’s Digital Frontiers?

The Internet, mobile phones, tablet computers and other digital devices are transforming our lives in fundamental and often unpredictable ways. “Digital Frontiers” investigates how real world concepts like privacy, identity, security and freedom are evolving in the virtual world.